Local Privilege Escalation Vulnerability in Quanos SCHEMA ST4 by Quanos
CVE-2026-11858

8.4HIGH

Key Information:

Vendor: Quanos Solutions Gmbh
Status: Schema St4
Vendor: CVE Published:; 17 June 2026

🔔 Create Quanos Solutions Gmbh Vulnerability Alert

What is CVE-2026-11858?

Quanos SCHEMA ST4 features a vulnerability within its Client Update Service that allows local authenticated users to elevate their privileges. This service operates with SYSTEM-level permissions and exposes a .NET Remoting interface through a named pipe, lacking adequate access controls. Malicious users with low privileges can exploit this vulnerability to connect to the exposed interface, executing privileged update methods like Update(). This unauthorized access could lead to arbitrary file manipulation, enabling local privilege escalation.

Affected Version(s)

SCHEMA ST4 SCHEMA ST4 on-premises, all versions

References

https://r.sec-consult.com/quanos

third-party-advisory

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2026
Vulnerability Reserved
Jun 10, 2026

Credit

Johannes Kruchem, SEC Consult Vulnerability Lab

CVE-2026-11858 Data

JSON